Site-to-site IPsec traffic filtering

Hi,

I'm running an IPsec site-to-site VPN between two Cisco routers (a 1721 and an 857).

It works fine with the following access-list in my crypto map:

access-list 104 permit ip 172.16.1.0 0.0.0.255 172.16.10.0 0.0.0.255

But I want to only allow some traffic to cross the IPSec tunnel, when I change the above access-list in router B to:

access-list 104 permit tcp 172.16.1.0 0.0.0.255 172.16.10.0 0.0.0.255 eq smtp

A telnet (on smtp port) to one host at the other side of the tunnel doesn't work.

Analysis of the problem shows that the packets go from one side to the other side of the VPN, but the 'answers' never come back, even though the access-list on the other router allows any IP packets to enter the VPN.

Any idea of the issue?

Is there a better way to filter the traffic that goes into the VPN?

1 REPLY

Re: Site-to-site IPsec traffic filtering

The ACL on the other side needs to be:

access-list 104 permit tcp 172.16.10.0 0.0.0.255 eq smtp 172.16.1.0 0.0.0.255
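The rule behind the reply is that the crypto ACLs on the two IPsec peers must be exact mirror images: the proxy identities negotiated for the IPsec SA carry the port as well as the networks, so on the peer the SMTP port has to sit on the source side (return packets travel from port 25 to the client's ephemeral port). The following is an added example, not code from the thread or from Cisco. It parses the one-line numbered extended ACL syntax used above, derives the mirror entry the peer must carry, and checks an SMTP request and its reply against each candidate. The 172.16.x.x networks, ACL number 104 and the smtp keyword come from the thread; the host addresses, the ephemeral client port and the small port-name table are constructed for the example.

```python
"""Crypto ACL mirror check for a Cisco IOS site-to-site IPsec tunnel (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# IOS port keywords the parser understands (assumption: only these names appear).
PORT_NAMES = {"smtp": 25, "telnet": 23, "www": 80, "domain": 53, "ssh": 22}
PORT_KEYWORDS = {v: k for k, v in PORT_NAMES.items()}


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


@dataclass(frozen=True)
class AddrSpec:
    """IOS address/wildcard pair; a wildcard bit of 1 means 'don't care'."""
    addr: int
    wild: int

    def contains(self, ip: int) -> bool:
        mask = ~self.wild & 0xFFFFFFFF
        return (ip & mask) == (self.addr & mask)

    def __str__(self) -> str:
        if self.wild == 0xFFFFFFFF:
            return "any"
        if self.wild == 0:
            return f"host {ipaddress.IPv4Address(self.addr)}"
        return f"{ipaddress.IPv4Address(self.addr)} {ipaddress.IPv4Address(self.wild)}"


@dataclass(frozen=True)
class Ace:
    proto: str               # "ip", "tcp" or "udp"
    src: AddrSpec
    src_port: Optional[int]  # None means any port
    dst: AddrSpec
    dst_port: Optional[int]

    def mirror(self) -> "Ace":
        """The entry the peer needs: endpoints swap as units, so a port
        qualifier stays attached to the address it qualified."""
        return Ace(self.proto, self.dst, self.dst_port, self.src, self.src_port)

    def matches(self, proto: str, src: str, sport: int, dst: str, dport: int) -> bool:
        if self.proto != "ip" and self.proto != proto:
            return False
        if not (self.src.contains(_ip(src)) and self.dst.contains(_ip(dst))):
            return False
        if self.src_port is not None and self.src_port != sport:
            return False
        return self.dst_port is None or self.dst_port == dport

    def to_line(self, number: int) -> str:
        parts = [f"access-list {number} permit {self.proto}", str(self.src)]
        if self.src_port is not None:
            parts.append(f"eq {PORT_KEYWORDS.get(self.src_port, self.src_port)}")
        parts.append(str(self.dst))
        if self.dst_port is not None:
            parts.append(f"eq {PORT_KEYWORDS.get(self.dst_port, self.dst_port)}")
        return " ".join(parts)


def parse_ace(line: str) -> Ace:
    """Parse 'access-list N permit <proto> <src> [eq P] <dst> [eq P]'."""
    tok = line.split()
    if tok[:1] != ["access-list"] or tok[2] != "permit":
        raise ValueError(f"only numbered permit entries are handled: {line!r}")
    proto, i = tok[3], 4

    def addr() -> AddrSpec:
        nonlocal i
        if tok[i] == "any":
            i += 1
            return AddrSpec(0, 0xFFFFFFFF)
        if tok[i] == "host":
            i += 2
            return AddrSpec(_ip(tok[i - 1]), 0)
        i += 2
        return AddrSpec(_ip(tok[i - 2]), _ip(tok[i - 1]))

    def port() -> Optional[int]:
        nonlocal i
        if i < len(tok) and tok[i] == "eq":
            i += 2
            name = tok[i - 1]
            return PORT_NAMES[name] if name in PORT_NAMES else int(name)
        return None

    src, sport, dst, dport = addr(), port(), addr(), port()
    if i != len(tok):
        raise ValueError(f"unparsed tokens: {tok[i:]}")
    return Ace(proto, src, sport, dst, dport)


def is_mirror(local: Ace, peer: Ace) -> bool:
    return peer == local.mirror()


# The narrowed entry from the thread, the peer entry it requires, and a
# non-mirror variant with the port on the destination side for comparison.
ROUTER_A_ACE = parse_ace("access-list 104 permit tcp 172.16.1.0 0.0.0.255 172.16.10.0 0.0.0.255 eq smtp")
CORRECT_PEER_ACE = ROUTER_A_ACE.mirror()
WRONG_PEER_ACE = parse_ace("access-list 104 permit tcp 172.16.10.0 0.0.0.255 172.16.1.0 0.0.0.255 eq smtp")

# Constructed SMTP exchange: client 172.16.1.5 (ephemeral port 40123) to server 172.16.10.25.
SMTP_REQUEST = ("tcp", "172.16.1.5", 40123, "172.16.10.25", 25)
SMTP_REPLY = ("tcp", "172.16.10.25", 25, "172.16.1.5", 40123)


def peer_check(peer_ace: Ace) -> dict:
    """Does the peer's entry mirror router A's, and does it select the reply
    traffic the peer has to send back through the tunnel?"""
    return {"mirror": is_mirror(ROUTER_A_ACE, peer_ace),
            "selects_reply": peer_ace.matches(*SMTP_REPLY)}


if __name__ == "__main__":
    print("peer needs:", CORRECT_PEER_ACE.to_line(104))
    for label, ace in (("port-on-destination", WRONG_PEER_ACE), ("mirror", CORRECT_PEER_ACE)):
        print(label, peer_check(ace))
```

Run as a script it prints the entry the peer needs and shows that the port-on-destination variant neither mirrors router A's entry nor matches the SMTP reply, which is exactly the symptom in the question: requests cross, answers do not. The same check applies to any narrowed crypto ACL; if you would rather keep the crypto ACLs as simple `permit ip` mirrors and filter elsewhere, do the filtering with a separate interface ACL so the IPsec selectors never diverge.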
